|
Profile fields are admin definable. Hence I would not be able to make a general bitfield file that corresponds to more than one board. It should be possible to do this on your own if you did some coding.
I'm surprised no one has had any conflicts involving this mod yet. I've been sitting on a new reworked version that solves a few... |
Did some coding? Me? Yeah right:)
Reworked version you say? Can you share? ;) One of the bugs I have noticed is when my users use <embed> tag to embed google video and it gets cut out due to max characters for this profile fields it break the tables in memberinfo template. Anyway around that? Also is there a way to make the use of html in profile fields more secure? I believe psionic have release his interactive profiles script with custom css feature that is somewhat protected from xss flaws. Can this be integrated into this mod? |
The bug you mention is more of a limitation of vBulletin itself. In order to "fix" the max characters issue (I have done this on my site), you should alter the db fields for those profile fields. I believe they are set to VARCHAR(255). If you have MySQL 5 you can set the VARCHAR higher I think, but I just changed the fields to MEDIUMTEXT.
I will look at Psionic's mod one of these days and see what you are referring to... but honestly as long as script tags and comment tags exist, or the ability to define new HTML tags, I don't think there is a truly safe way to allow HTML. |
no worky with 3.7 =(
|
I will release an updated version as soon as I get around to installing 3.7. Right now I am still in the process of making my site upgrade friendly.
|
Any update?
|
I have had no issues running this on 3.7. If you are having issues, try to contact me via AIM. Thanks.
|
I don't have AIM. You got msn? That's the error i am getting when trying to access a profile:
Warning: Invalid argument supplied for foreach() in /includes/functions.php on line 3767 Fatal error: Call to a member function query_read_slave() on a non-object in /home/xxxx/public_html/beta/forums/includes/class_bbcode.php on line 217 |
I'm not sure how you are executing the member_customfields plugin, since in 3.7 member_customfields is missing.
EDIT: I found this thread at vb.com: http://www.vbulletin.com/forum/proje...?issueid=23995 Until such time as vBulletin 3.7 GOLD is released, my profile fields feature is unsupported. A lot of changes were made in 3.7, so I will release a new version of this mod at such time. The 3.7 version of this mod is a bit smarter/faster, has even more compatibility with other hacks, and is much easier to integrate should the need arise. |
Quote:
http://htmlpurifier.org/ I've been thinking about plugging this into vB for a while now. I've done some work with it in other systems (like a classified system I run), and it looks pretty damn solid. I ran a couple of the more comprehensive attack suites on it, and have yet to find anything damaging get through. Although I do agree that there is no such thing as truly safe HTML enabled user input, especially when it comes to 'zero day' attacks using newly discovered vectors before things like HTML Purifier can be updated ... but these guys seem to be pretty much on the ball. Certainly a better option than relying on roll-yer-own XSS cleaning scripts maintained by vB (or whoever), who don't really have the time to stay on top of this stuff on a day to day basis. -- hugh |
| All times are GMT. The time now is 09:40 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|